none
Enable security in WCF RRS feed

  • Question

  • Hello everyone,
    I have a WCF service which has about 10 .*svc services. I decide to enable security on this service the I do below steps:
    1. define an user in host server that service hosted on it and grant full access to services directory to that user.
    2. in IIS select that service and disable Anonymous Authentication and enable basic Authentication.
    3. and change web.config as below(bold lines added):

      <?xml version="1.0"?>
      <configuration>

      <connectionStrings>
      </connectionStrings>

      <appSettings>
        <add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
        <add key="APK_Version_Code" value="16" />
        <add key="APK_Version_Name" value="1.8.6" />
        <add key="Maintenance_Mode" value="false" />
      </appSettings>
      <system.web>
        <compilation debug="true" targetFramework="4.5.2" />
        <httpRuntime targetFramework="4.5.2"/>
        <authentication mode="Windows"></authentication>
      </system.web>
      <system.serviceModel>
        <bindings>
          <basicHttpBinding>
            <binding>
              <security mode="TransportCredentialOnly">
                <transport clientCredentialType="Windows" />
              </security>
            </binding>
          </basicHttpBinding>
        </bindings>
        
        <services>
          <service behaviorConfiguration="DokkanService.ChargeBehavior" name="DokkanService.Charge">
            <endpoint address="" binding="basicHttpBinding"  contract="DokkanService.ICharge">
              <identity>
                <dns value="localhost"/>
              </identity>
            </endpoint>
            <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
          </service>
        </services>

        <behaviors>
          <serviceBehaviors>
            <behavior>        
              <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>         
              <serviceDebug includeExceptionDetailInFaults="true"/>
            </behavior>

            <behavior name="DokkanService.ChargeBehavior">
              <serviceMetadata httpGetEnabled="true"/>          
              <serviceDebug includeExceptionDetailInFaults="false"/>
            </behavior>
            
          </serviceBehaviors>
        </behaviors>
        <protocolMapping>
          <add binding="basicHttpsBinding" scheme="https" />
        </protocolMapping>
        <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
      </system.serviceModel>
      <system.webServer>
        <modules runAllManagedModulesForAllRequests="true"/>
        <directoryBrowse enabled="true"/>
      </system.webServer>

    </configuration>

    4. finally restart web service.

    When i browse service on server side it request for user name and password and I insert them, then the service list appears. but when I select Charge.svc from result list, I get bellow error in IE:

    The authentication schemes configured on the host ('Basic') do not allow those configured on the binding 'BasicHttpBinding' ('Negotiate').  Please ensure that the SecurityMode is set to Transport or TransportCredentialOnly.  Additionally, this may be resolved by changing the authentication schemes for this application through the IIS management tool, through the ServiceHost.Authentication.AuthenticationSchemes property, in the application configuration file at the <serviceAuthenticationManager> element, by updating the ClientCredentialType property on the binding, or by adjusting the AuthenticationScheme property on the HttpTransportBindingElement.

    I search internet and test many ways but I cant find any solution. which step I miss? please help.
    Sunday, April 7, 2019 6:30 AM

All replies